cloudfoundry cf release

35 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2016-0708
>= 166 and <= 227
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, inclu
5.9 MEDIUM
CVE-2016-2169
< 237
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business log
5.3 MEDIUM
CVE-2016-6658
< 245
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to t
9.6 CRITICAL
CVE-2018-1195
< 283
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud C
8.8 HIGH
CVE-2018-1190
<= 269
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2,
6.1 MEDIUM
CVE-2017-14389
< 280
An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to
6.5 MEDIUM
CVE-2017-8031
<= 278
An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6,
5.3 MEDIUM
CVE-2015-5173
< 216
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow
8.8 HIGH
CVE-2015-5172
< 216
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow
9.8 CRITICAL
CVE-2015-5171
< 216
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF
9.8 CRITICAL
CVE-2015-5170
< 216
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow
8.8 HIGH
CVE-2017-8048
all versions
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the
7.8 HIGH
CVE-2017-8047
<= 273
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applicat
6.1 MEDIUM
CVE-2016-0732
>= 208 and <= 229
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, w
8.8 HIGH
CVE-2016-0713
all versions
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) at
4.7 MEDIUM
CVE-2017-8037
all versions
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior t
7.5 HIGH
CVE-2017-8035
>= 245 and < 268
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1
7.5 HIGH
CVE-2017-8033
< 268
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-rele
7.8 HIGH
CVE-2017-8034
<= 266
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v
6.6 MEDIUM
CVE-2017-4992
<= 260
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17
9.8 CRITICAL
CVE-2017-4991
<= 259
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16
7.2 HIGH
CVE-2017-4974
<= v257
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15
6.5 MEDIUM
CVE-2017-4972
<= 256
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14
7.5 HIGH
CVE-2017-4970
all versions
An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regressio
5.9 MEDIUM
CVE-2016-8219
< 250
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A
6.5 MEDIUM
CVE-2016-8218
<= 203
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231.
9.8 CRITICAL
CVE-2016-6655
<= 244
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions pri
9.8 CRITICAL
CVE-2016-2165
<= 231
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.
6.5 MEDIUM
CVE-2016-0780
all versions
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal
7.5 HIGH
CVE-2015-3191
<= 209
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry
8.8 HIGH
CVE-2015-3190
<= 209
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry
6.1 MEDIUM
CVE-2015-3189
<= 208
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry
3.7 LOW
CVE-2015-1834
<= 207
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions pri
6.5 MEDIUM
CVE-2017-4969
<= 254
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and
6.5 MEDIUM
CVE-2016-9882
<= 249
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0.
7.5 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin